Host Private Gits for Free with GitLab

Type: Git Repository Host

Best Website For: Closed-Source Git Repositories

Reason it's on The Best Sites:

GitLab is on The Best Sites because it lets you host private gits for free. GitHub is more popular, but GitLab lets you close your repositories from the public - something that GitHub charges for. You can also install GitLab on a server and host it on your own - it's free open-source software.

GitLab

Having been involved in other open source projects, I know how exciting it is to collaborate in an open community and work with passionate people from different parts of the world. I recently joined GitLab to work with our community of contributors, and I wanted to share a list of activities that I’m planning to help grow the community:

1. Streamline onboarding documentation

2. Proactively reach out to first-time contributors

I want to start congratulating new contributors who successfully complete their first merge request. Stay tuned for new swag and opportunities to be paired with mentors who are experienced GitLab community members.

3. Launch new blog post series

Speaking of experienced contributors, I’d like to highlight some of them with a new blog post series, since their experience working in the GitLab community will be helpful for new contributors. The first post features Core Team member Vitaliy Klachkov.

4. Kick off Core Team meeting

We just kicked off a regular meeting with the Core Team to discuss topics of interest for the GitLab community. This recorded meeting will be open to anyone. The Core Team will also use Service Desk so that anyone in the community can view and participate in discussions.

Thanks for reading my blog post. Your feedback/questions are always welcome and you can reach me at rpaik@gitlab.com.

Interested in learning how you can contribute?

A good place to start would be the Contributing to GitLab page, where you can learn how you can contribute to GitLab code, documentation, and translation.

Better and faster. These two words best describe the production goals of the IT leaders and engineers building today’s cutting-edge software. And GitLab Auto DevOps can help them hit those goals while improving their overall business outcomes.

As the only single application for the complete DevOps lifecycle, GitLab Auto DevOps gives development teams all the tools they need to deliver secure, high-quality software at previously unattainable speeds. The secret sauce that makes Auto DevOps so effective is the way it automatically sets up the required integrations and pipeline needed to get your software out of the door faster. With Auto DevOps, your code is automatically tested for quality, scanned for security vulnerabilities and licensing issues, packaged and then set up for monitoring and deployment, leaving engineers with time to place more attention on creating a better product.

This may all make sense in theory, but as they say, a picture is worth 1,000 words. And it is rumored that video is worth 1.8 million words. With that being said, why not take a look at GitLab Auto DevOps in action? Check out this demo from a recent Release Radar webcast:

Forrester recently evaluated GitLab as a Strong Performer in The Forrester New
Wave™: Value Stream Management Tools, Q3 2018 report. The evaluation comes after
Forrester reviewed 13 different vendors and their approaches to enable end-to-end value stream management of the software delivery lifecycle. This is a new area of coverage at Forrester,
recognizing the trend in the industry where organizations are focusing on
improving and optimizing their software delivery value stream. Forrester considered
GitLab's capabilities and strategy and characterized GitLab as a Strong Performer.
According to the report, “GitLab combines end-to-end capability with the power of open
source. GitLab offers a DevOps tool for each step of the software development process.
Top-level views sitting across these tools provide its VSM functionalities.”

Forrester defined the role of Value Stream Management (VSM) in the
lifecycle as: "VSM is an emerging tool category that connects an organization’s
business to its software delivery capability. VSM tools provide multiple roles
– product managers, developers, QA, and release managers – a view into planning,
health indicators, and analytics, helping them collaborate more effectively to
reduce waste and focus on work that delivers value to the customer and the business."

GitLab supports the entire SDLC

Value stream management enables teams to visualize, manage, and optimize their
software delivery pipelines. The goal of DevOps transformations is to enable
teams to ship faster without sacrificing quality or security. Ultimately, the
approach in DevOps is the same as in lean manufacturing, where reducing work in
progress and eliminating "waste" enables organizations to improve their value stream.

Because GitLab is a single application, supporting the entire delivery lifecycle,
"value stream" metrics and KPIs are easier to track. For example, GitLab Cycle
Analytics is one view of how the value stream is performing. Because GitLab is able to track the entire lifecycle, there are many other possible value stream views available. Check out our Value Stream Management page to learn
more about how GitLab is delivering metrics and value stream management to help
improve your DevOps lifecycle.

We’re excited about what the future holds for value stream management, so it’s
great to know that others see the importance of managing end-to-end delivery and
value metrics. We think the research by Forrester will help IT leaders evolve
and improve their software delivery processes, which is where we think GitLab's
approach to addressing the end-to-end lifecycle can help. We agree with Forrester
which observed, “Organizations that want a comprehensive VSM solution that can also
serve as their DevOps tool chain will really appreciate GitLab.”

Please be aware that by default the Omnibus packages will stop, run migrations,
and start again, no matter how “big” or “small” the upgrade is. This behavior
can be changed by adding a /etc/gitlab/skip-auto-migrations file,
which is only used for updates.

One of the things we love about GitLab is that while it can replace all your other software development lifecycle tools (no, really); it doesn't have to. Whether you want to rip and replace everything or use it for one or two stages of your workflow, alongside your existing toolset (for now, or forever), we've got you covered.

One of the things we're most often asked about is how GitLab works together with Jira for issue tracking, and Jenkins for CI. This could be for one of two reasons:

Your organization is happy with its issue tracking and CI solutions, and just wants to use GitLab for other features, or

You plan to move to GitLab for your end-to-end software development lifecycle, but that's a significant undertaking and it may be less disruptive to migrate on a project-by-project basis.

No matter the reason, what's important is maintaining the context of work without having to switch between applications frequently. With these integrations you can transition Jira issue states via GitLab, as well as see GitLab commits, branches, and merge requests in the Jira development panel. You can also view the status of Jenkins pipelines in GitLab to optimize your use of GitLab Merge Requests.

I recorded this demo to show what a workflow using all three would look like.

Google's Partner Summit kicked off a day before the broader Next conference started. At the summit, we were honored to receive the Google Cloud Partner Award for Innovative Solution in Developer Ecosystem for the tight integration with GKE we released earlier this year. Of course, we decided to take some fun photos with the cloud logo.

Launch partner for GCP Marketplace with Kubernetes Apps

While the GCP Marketplace announcement went out a few days before the show, there was still a lot of buzz about it at Google Next. In addition to traditional apps, which deploy VMs on Compute Engine, the new GCP Marketplace now supports Kubernetes apps, which deploy to a Kubernetes cluster running on Google Kubernetes Engine. We were happy to be a launch partner, offering the ability to install GitLab via the GCP Marketplace on day one.

Serverless, Knative, and Istio

Knative and Istio are two new projects announced during the show that we're excited about. Knative enables "serverless" workloads on Kubernetes while Istio is a service mesh for microservices. Check out Josh chatting live with Sid from the show (where Wi-Fi was a bit choppy) about serverless, Knative, and Istio, and how these technologies can potentially tie in with GitLab.

Google Cloud Build + GitLab CI/CD

One of the key announcements from the show was the introduction of Google Cloud Build, a CI/CD tool for GCP. Many folks asked us if we saw this as competitive to GitLab CI/CD, and how that would affect our partnership with Google. First and foremost, GitLab supports a multi-cloud strategy. We partner with all of the major cloud vendors to ensure GitLab CI/CD can support multi-cloud deployments. Many cloud vendors have their own CI/CD tooling, like AWS Code Deploy or IBM Cloud Pipelines. For us, Cloud Build is just another point of collaboration. In fact, our own Josh Lambert teamed up with Christopher Sanson to create a GitLab + Google demo for Christopher's session, "CI/CD for Hybrid and Multi-Cloud Customers."

Then Christopher showed how to use GitLab CI/CD and the GitLab container registry while offloading the infrastructure build to Google Cloud Build. Using Google Cloud Build together with GitLab CI/CD is one way to overcome some of the security problems of docker-in-docker (e.g. it requires privileged containers). Check out the video below to see it in action. Additionally, here's an example Ruby app with a sample configuration for connecting GitLab CI/CD to Cloud Build.

GitLab.com is migrating to GCP

"Our friends at GitLab have created a complete open source DevOps stack" - Melody Meckfessel, Vice President of Engineering, Google Cloud Platform

As part of our plans to make GitLab.com a rock solid, enterprise-ready SaaS offering, we are migrating from Azure to Google Cloud Platform. We’ve been carefully planning this migration for many months and are now very close to executing with a target migration date of August 11. Melody Meckfessel talked a bit about our migration during her keynote on Thursday. Check out our previous blog post to read up on the full details of GitLab’s GCP migration.

Talking to you

Of course one of our favorite parts of any trade show is getting to meet our users and customers face to face. We love hearing the palpable excitement when you talk about how GitLab is streamlining your toolchain or easing your move to Kubernetes. We love sharing the story with folks who don’t know yet and seeing their faces light up when we tell them GitLab’s not just a version control solution, but an end-to-end DevOps application with built-in project planning, CI/CD, container registry, monitoring, and more. Google Next ’18 was a great show, and we can’t wait to see you next time! Check out the full list of events we’ll be at to find one close to you.

Today we are releasing versions 11.1.2, 11.0.5, and 10.8.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).

These versions contain a number of important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately.

The vulnerability details will be made public on our issue tracker in approximately 30 days.

Please read on for more information regarding this release.

Markdown DoS

An 11.1.0 regression caused Markdown rendering times to slow exponentially, possibly leading to a denial of service. This issue is now resolved in the latest release and is assigned to CVE-2018-14601.

Versions Affected

Affects GitLab CE/EE 11.1.0.

Remediation

We strongly recommend that all installations running an affected version above be upgraded to the latest version as soon as possible.

Information Disclosure Prometheus Metrics

GitLab Prometheus metrics were disclosing private project pathnames. This also affected the Prometheus instances on monitor.gitlab.net. The issue is now resolved in the latest release and is assigned to CVE-2018-14602.

Versions Affected

Affects GitLab CE/EE 9.0 and later.

Remediation

We strongly recommend that all installations running an affected version above be upgraded to the latest version as soon as possible.

CSRF in System Hooks

The "Test" feature of the System Hooks component contained a low-severity CSRF vulnerability. The issue is now resolved in the latest release and is assigned to CVE-2018-14603.

Versions Affected

Remediation

We strongly recommend that all installations running an affected version above be upgraded to the latest version as soon as possible.

Persistent XSS Pipeline Tooltip

The tooltip of the job inside the CI/CD pipeline was not properly sanitized and resulted in a persistent XSS. The issue is now resolved in the latest release and is assigned to CVE-2018-14604.

Thanks to @fransrosen for responsibly reporting this vulnerability to us.

Versions Affected

Affects GitLab CE/EE 10.7 and later.

Remediation

We strongly recommend that all installations running an affected version above be upgraded to the latest version as soon as possible.

Persistent XSS in Branch Name via Web IDE

The branch name was not properly sanitized when committing a file via the Web IDE, which resulted in a persistent XSS. The issue is now resolved in the latest release and is assigned to CVE-2018-14605.

Thanks to @fransrosen for responsibly reporting this vulnerability to us.

Versions Affected

Affects GitLab CE/EE 10.7 and later.

Remediation

We strongly recommend that all installations running an affected version above be upgraded to the latest version as soon as possible.

Persistent XSS Milestone Promotion

When promoting a Milestone, the name of the Milestone is not sanitized properly, which causes the notification to trigger a persistent XSS. The issue is now resolved in the latest release and is assigned to CVE-2018-14606.

Thanks to @fransrosen for responsibly reporting this vulnerability to us.

Versions Affected

Affects GitLab CE/EE 10.6 and later.

Remediation

We strongly recommend that all installations running an affected version above be upgraded to the latest version as soon as possible.

Mattermost Updates

Mattermost has been updated to version 5.0.2, and it contains a security fix that's also been backported to 4.10.2.
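
To triage an installed version against the release notes above, the following added example (not GitLab's own code) maps a version string to the CVEs whose stated affected range covers it. It assumes each issue is fixed from the listed patch release of its branch onward and in anything newer than 11.1.2; CVE-2018-14603 is reported separately because the notes list no affected versions for it.

```python
# Added example: triage a GitLab version against this security release.
# Affected ranges and fixed versions are copied from the release notes above;
# "fixed from the patch release of each branch onward" is an assumption.

FIXED = {(11, 1): (11, 1, 2), (11, 0): (11, 0, 5), (10, 8): (10, 8, 7)}

# (CVE, title, first affected version, True if only that exact version is listed)
ADVISORIES = [
    ("CVE-2018-14601", "Markdown DoS", (11, 1, 0), True),
    ("CVE-2018-14602", "Information Disclosure Prometheus Metrics", (9, 0, 0), False),
    ("CVE-2018-14604", "Persistent XSS Pipeline Tooltip", (10, 7, 0), False),
    ("CVE-2018-14605", "Persistent XSS in Branch Name via Web IDE", (10, 7, 0), False),
    ("CVE-2018-14606", "Persistent XSS Milestone Promotion", (10, 6, 0), False),
]
# CVE-2018-14603 (CSRF in System Hooks): no affected versions are listed.
UNKNOWN_RANGE = ["CVE-2018-14603"]


def parse_version(text):
    """Parse '11.0.4', '11.0.4-ee' or 'v10.8' into a (major, minor, patch) tuple."""
    core = text.strip().lstrip("v").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def is_patched(version):
    """True if the version is at or past the fixed release for its branch."""
    fixed = FIXED.get(version[:2])
    if fixed is not None:
        return version >= fixed
    # Branches without a listed patch: only releases newer than 11.1.2 (assumption).
    return version > max(FIXED.values())


def triage(text):
    """Return the CVEs from this release that apply to the given version."""
    version = parse_version(text)
    if is_patched(version):
        return {"version": version, "affected": [], "unknown": []}
    affected = [cve for cve, _title, first, exact in ADVISORIES
                if (version == first if exact else version >= first)]
    return {"version": version, "affected": affected, "unknown": list(UNKNOWN_RANGE)}
```

A branch with no listed patch release, such as 10.7.x, stays flagged until it moves to one of the fixed versions.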

In July 2016, the GitLab CEO confirmed the open-core business model of the company.[18]

In September 2016, GitLab raised $20 million in Series B funding from August Capital and others.[19]

In January 2017, a database administrator accidentally deleted the production database, in the aftermath of a cyber attack. Six hours' worth of issue and merge request data was lost.[20]

On March 15, 2017, GitLab announced the acquisition of Gitter. Included in the announcement was the stated intent that Gitter would continue as a standalone project. Additionally, GitLab announced that the code would become open source under an MIT License no later than June 2017.[21]

In October 2017, GitLab raised $20 million in Series C funding from GV and others.[22]

In May 2018, GNOME moved to GitLab with over 400 projects and 900 contributors.[23][24]